Today, we have entered the fourth wave of cybersecurity threats, where AI is a double-edged sword. Adversaries now collapse patch windows in minutes, making traditional weekly cycles obsolete.
In banking and government, these are not just data loss events; they threaten national security and physical safety. At the same time, fast advancements in AI model development are currently leading to new cybersecurity risks, which are especially significant to BFSI and government organisations.
“Such trends may involve phishing using AI-generated content, deepfake impersonation, automation of social engineering techniques, creating synthetic identities, designing AI-powered malware, AI-driven vulnerability research, and attacking AI models. Unlike traditional attacks, those powered by artificial intelligence are highly scalable and personalized, allowing attackers to circumvent existing defense systems,” JP Mishra, founder, Deep Algorithms.
Explaining further, Mishra says that in terms of banking, these cyber risks may cause account takeover, payment fraud, identity theft, illegal access to bank infrastructure, and compromise of customers' sensitive data. “When it comes to governments, these threats may be employed by malicious actors to attack the digital infrastructure of governments, steal citizens' information, compromise important databases and governmental administrative services,” added Mishra.
Experts point out that as India rapidly transforms itself into a fully digital society through online banking, digital payments, and digital governance, cybersecurity attacks powered by AI technologies will only become even more advanced and challenging. Therefore, investments in AI-based security, identity protection, threat intelligence, and resilience are crucial.
“The threat is also geopolitical. When export controls lock AI models or sanctions leave Indian organisations unable to provision Western stacks, India's structural vulnerability becomes undeniable. At the same time, sovereign cybersecurity is not protectionism, it is optionality. Nations and enterprises need localised, governed AI models to secure their data and maintain geopolitical resilience,” remarked Pankit Desai, cofounder and CEO, Sequretek.
Interestingly, Sequretek is building the Percept platform so enterprises are not hostage to another nation's foreign policy. “True security requires aligning technology with the classic triad of people and processes. We then move from "Make in India" to "Made for the World." The next decade belongs to those who prove dependence was a choice, not destiny,” said Desai.
Experts further point out that the convergence of cheap generative audio or video, agentic LLM tooling, and India's digital-public-infrastructure stack (UPI, Aadhaar, DigiLocker, NIC email, GeM) has produced a distinctly Indian threat surface. Banks face voice cloned UPI fraud and deepfake V-CIP, the state faces deepfake disinformation, synthetic-identity DBT leakage, and agentic APTs against NCIIPC-protected infrastructure.
“Voice plus video deepfakes are now the dominant social-engineering vector in Indian retail banking. Experts must treat voice-bio as a soft factor, not a hard one. India's DPI (UPI, Aadhaar, DigiLocker) is a force multiplier for citizens and attackers. Every new GenAI rail must be threat-modelled at the DPI (Deep packet inspection) layer, not just the app layer. Agentic LLM intrusions collapse defender dwell-time advantage and as a result, cooperative banks, PSUs and state-IT departments can be the main targets. Sovereign-LLM push (IndiaAI Mission) is needed for data-residency but expands supply-chain risk demand signed weights, model SBOMs, red-team evidence,” explained Sudin Baraokar, Global AI and Quantum Advisor and the former technology office at the State Bank of India.
